http://blogs.technet.com/andrew/archive/2008/08/26/career-limiting-move-sql-server-2008-transparent-data-encryption.aspxTransparent data encryption (TDE) in SQL Server 2008 enterprise edition is a great tool for protecting your data ‘at rest’ , but you need to be careful when you use it. TDE only really comes into play when you move the database to another location (henceen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/andrew/archive/2008/08/26/career-limiting-move-sql-server-2008-transparent-data-encryption.aspx#3112555Wed, 27 Aug 2008 06:48:05 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3112555Buck Woody - Microsoft<p>Ah - but this DBA is career limited not because of the feature, but because he/she refused to read the documentation. Even in the overview topic for this feature it says, and I quote:</p> <p>&quot;Note: &nbsp;</p> <p>When enabling TDE, you should immediately back up the certificate and the private key associated with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the database on another server, you must have backups of both the certificate and the private key or you will not be able to open the database. The encrypting certificate or asymmetric should be retained even if TDE is no longer enabled on the database. Even though the database is not encrypted, the database encryption key may be retained in the database and may need to be accessed for some operations.&quot;</p>http://blogs.technet.com/andrew/archive/2008/08/26/career-limiting-move-sql-server-2008-transparent-data-encryption.aspx#3112759Wed, 27 Aug 2008 15:53:25 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3112759Thomas Tomiczek<p>Like real DBA's read documentation ;)</p> <p>You are right, though. I had a friend that did exactly that move with his data partition and Vista - disc encryption, no key backup. Private only, so noone fired him. He called me with exactly that question... and I basicalyl told him to keep the hard disc - as a permanent remainder for all the data he lost access to.</p>http://blogs.technet.com/andrew/archive/2008/08/26/career-limiting-move-sql-server-2008-transparent-data-encryption.aspx#3125340Wed, 17 Sep 2008 21:42:27 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3125340Steve Austin<p>&quot;real&quot; DBAs also test new features before exposing them to the business, regardless of what the docufiction says. &nbsp;;)</p>http://blogs.technet.com/andrew/archive/2008/08/26/career-limiting-move-sql-server-2008-transparent-data-encryption.aspx#3224109Wed, 08 Apr 2009 20:21:07 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3224109Vantage Point - Bob German's WebLog<p>H1 { FONT-SIZE: medium } Many thanks to everyone who attended the MOSS 2007 and SQL 2008 &quot;Better Together&quot;</p> http://blogs.technet.com/andrew/archive/2008/08/26/career-limiting-move-sql-server-2008-transparent-data-encryption.aspx#3226970Thu, 16 Apr 2009 04:23:12 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3226970Microsoft Technology Centers blog<p>(Cross-posted from Vantage Point: Bob German's Weblog ) H1 { FONT-SIZE: medium } Recently Rich Crane</p>